Ad Widget

Collapse

Lets talk about log monitoring

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • bignose
    Member
    • Dec 2008
    • 58
    #1

    Lets talk about log monitoring

    i'm curious about a few things:

    1: how well does it deal with very busy logs
    2: is it real time or periodic checks

    I guess what I'm asking, does there come a time when a log is too busy that zabbix is not a great solution?
    Tags: None
    • bignose
      Member
      • Dec 2008
      • 58
      #2
      3: every $inverval zabbix opens up the log file, goes to where it stopped reading last, opens up the file and looks for $regex. if i have 5 different items each with a unique regex then i'm opening that file and reading it 5 times every $interval.

      Seems like it could get really io hungry. is the solution to just have 1 regex that includes all of your conditions?

        Comment

        • natalia
          Senior Member
          • Apr 2013
          • 159
          #3
          Originally posted by bignose
          3: every $inverval zabbix opens up the log file, goes to where it stopped reading last, opens up the file and looks for $regex. if i have 5 different items each with a unique regex then i'm opening that file and reading it 5 times every $interval.

          Seems like it could get really io hungry. is the solution to just have 1 regex that includes all of your conditions?
          Hi,

          Did you find the solution ? How did you config log monitoring ?

          We also need to config log monitoring of ~20 different strings in one log

          We tried several options :
          1. put all of them in one item with "|" - but it's too long
          2. define all 20 string in global "Regular expressions" - don't work since it using "AND" operator and not "OR"
          3. define 20 different items - don't think that it's good idea

          Thanks
          Natalia

            Comment

            • HaveDill
              Senior Member
              • Sep 2014
              • 103
              #4
              Originally posted by natalia
              Hi,

              Did you find the solution ? How did you config log monitoring ?

              We also need to config log monitoring of ~20 different strings in one log

              We tried several options :
              1. put all of them in one item with "|" - but it's too long
              2. define all 20 string in global "Regular expressions" - don't work since it using "AND" operator and not "OR"
              3. define 20 different items - don't think that it's good idea

              Thanks
              Natalia



              You could just make 1 log item that collects the entire log, and make a trigger that looks for the regex.

                Comment

                • natalia
                  Senior Member
                  • Apr 2013
                  • 159
                  #5
                  Originally posted by HaveDill
                  You could just make 1 log item that collects the entire log, and make a trigger that looks for the regex.
                  Thanks for the reply!
                  log include a lot of data (~20M every 10 min on 1000 servers), I need the way to filter it on the item.

                    Comment

                    • dirckcopeland
                      Member
                      • Oct 2013
                      • 50
                      #6
                      Lets talk about log monitoring

                      I've just started looking at this myself but from what I've been reading, it may make sense if you have multiple things to look for in one file, create a separate item for each and treat each one individually for the purpose of creating triggers.

                        Comment

                        Previous template Next
                        Working...